# SimpleSAMLphp

These notes are taken mostly from the SimpleSAMLphp installation notes, circa 2018, followed by the "Next Steps" for configuring the IdP.

Specifically, one must:
- Create a CNAME pointing at the server or proxy server
- Deploy Debian and create shell accounts
- Install nginx-light and PHP

```bash
sudo apt install nginx-light
sudo apt install php-cli
```
Install the required PHP libraries[^1]. The dom library is now provided by the xml package[^2]. Also install the ldap, fpm and curl packages.

```bash
# Check for any missing modules
php -m | grep -E 'date|dom|hash|libxml'
php -m | grep -E 'openssl|pcre|SPL|zlib|json|mbstring'
sudo apt install php-mbstring php-xml php-ldap php-fpm php-curl
```
Download the latest version and extract it:

```bash
# Check the link at https://simplesamlphp.org/download
wget *someLink*
# Convention is to place it in /var
sudo tar -xzf test.tgz -C /var
sudo mv /var/simplesamlphp* /var/simplesamlphp
```
Set up nginx:

```bash
# Remove the default config files and content
sudo rm /etc/nginx/sites-available/*
sudo rm /etc/nginx/sites-enabled/*
sudo rm /var/www/html/*
# Add our own
sudo vi /etc/nginx/sites-available/default
# Re-create the symlink removed above so nginx actually loads the new site
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
```

```nginx
server {
    listen 80 default_server;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html index.php;
    location ^~ /simplesaml {
        alias /var/simplesamlphp/www;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
        }
    }
}
```
Make minimal changes to config.php to enable testing:

```bash
sudo vi /var/simplesamlphp/config/config.php
```

```php
'secretsalt' => 'alongstring',
'auth.adminpassword' => 'aPassword',
'enable.saml20-idp' => true,
'module.enable' => [ 'exampleauth' => true, ],
'technicalcontact_email' => '[email protected]',
```
Configure the example auth by uncommenting the example-userpass block:

```php
...
/* Uncomment the block below */
'example-userpass' => [
    ...
    'student:XXX'
    'employee:XXX'
```
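The secretsalt, admin password and exampleauth users above are test-only values. The following added script (not part of these notes or of SimpleSAMLphp) flags them in a config.php and swaps in a random secretsalt; the config it checks is a constructed sample, and all paths are assumptions.

```bash
#!/bin/sh
# Added example, not from the original notes or from SimpleSAMLphp:
# audit a config.php for the throwaway test values used in this walkthrough
# and replace the secretsalt with a random one. Paths are assumptions.

# Emit a 32-character lowercase alphanumeric salt (the same alphabet the
# SimpleSAMLphp install guide uses for its secretsalt one-liner).
gen_salt() {
    LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 32
}

# Count test-only settings still present in the config file given as $1.
# Prints the count on stdout; each finding is reported on stderr.
count_weak_settings() {
    n=0
    if grep -Eq "'secretsalt' *=> *'(defaultsecretsalt|alongstring)'" "$1"; then
        echo "secretsalt is a placeholder" >&2; n=$((n + 1))
    fi
    if grep -Eq "'auth.adminpassword' *=> *'(123|aPassword)'" "$1"; then
        echo "auth.adminpassword is a placeholder" >&2; n=$((n + 1))
    fi
    if grep -Eq "'exampleauth' *=> *true" "$1"; then
        echo "exampleauth (static test users) is still enabled" >&2; n=$((n + 1))
    fi
    echo "$n"
}

# Rewrite the secretsalt line in $1 with a freshly generated salt.
set_random_salt() {
    salt=$(gen_salt)
    sed "s/'secretsalt' *=> *'[^']*'/'secretsalt' => '$salt'/" "$1" >"$1.tmp" &&
        mv "$1.tmp" "$1"
}

# Constructed sample: the minimal test edits from the notes above.
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
    'secretsalt' => 'alongstring',
    'auth.adminpassword' => 'aPassword',
    'enable.saml20-idp' => true,
    'module.enable' => [ 'exampleauth' => true, ],
EOF

echo "test-only settings found: $(count_weak_settings "$SAMPLE_CFG")"
```

Point `SAMPLE_CFG` at the real /var/simplesamlphp/config/config.php to audit an installation; `set_random_salt` rewrites the file in place, so back it up first.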
Generate a cert:

```bash
sudo openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out idp.your.org.crt -keyout idp.your.org.pem
```

```
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:Athens
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:Information Technology
Common Name (e.g. server FQDN or YOUR name) []:idp.your.org
Email Address []:[email protected]
```

```bash
# Move the key and certificate generated above into the SimpleSAMLphp cert directory
sudo mv idp.your.org.* /var/simplesamlphp/cert
```
Edit the IdP config:

```bash
vi /var/simplesamlphp/metadata/saml20-idp-hosted.php
```

```php
// Should already be uncommented
'auth' => 'example-userpass',
// Needed to be uncommented as per the recommendation
/* Uncomment the following to use the uri NameFormat on attributes. */
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
```

Then access the IdP at http://idp.your.org/simplesaml/.
## Post Steps

Comment out the languages that are displayed at the top of the page[^5]:

```php
/*
'language.available' => [
    ...
    ...
*/
//'language.rtl'
```
[^1]: https://simplesamlphp.org/docs/stable/simplesamlphp-install#section_1
[^2]: https://laracasts.com/discuss/channels/servers/how-do-i-install-the-dom-extension-for-php7
[^3]: https://github.com/simplesamlphp/simplesamlphp/issues/751
[^4]: https://simplesamlphp.org/docs/stable/simplesamlphp-install#section_8
[^5]: https://www.howtodojo.com/2012/12/how-to-remove-languages-on-simplesamlphp/